I find the MAG docs very confusing - they are split across MAG, MAS and the SDK often with duplication, and at differing levels of freshness.
I'm hoping someone can answer this one for me:
- the customer has MAG licences, but all they want to do is make a simply pubic mobile app - it would make sense for this to be exposed as 2 APIs:
- the oauth2.0 token API endpoint for tokens (with password grant)
- the protected API secured with oauth token for the retrieval of the customer information.
However, if possible they'd like to use the SDK to build the mobile app calls rather than hand crank the oauth call, etc.
Is this possible ? Reading the docs, it is not clear in the slightest - most of the docs talk about the SSO flows which include registering devices and a whole bunch of other functionality which is complete overkill for this usecase.
I'd expect something like a cut down config file for the app which configures the client id, client secret, scope, etc and then a basic method the app can call to login and get a token, and then they write there call to the protected API (with the token).
Or is the only use case that the SDK can be used for, the full SSO one - with device registration, mutual TLS, etc, etc - this just seems utter overkill for what they want to do for now.